The Banking and Financial Services Industry is targeted by cybersecurity attackers 300 times more frequently than other industries. Financial firms are spending on average $3,000 per employee on cyber security reflecting a three fold increase in the last four years to combat the surge of state level attacks on their data. Cybercriminals and state sponsored attacks targeting banks are becoming increasingly sophisticated, stealing sensitive customer data for a variety of fraudulent activities.
Breaches in the financial sector compromise significantly more information records than breaches in other sectors.
Of the data breaches reported last year, 19% involved the financial sector, including entities such as banks, credit unions, credit card companies, mortgage and loan brokers, financial services, investment firms and trust companies, payday lenders and pension funds. While the banks and financial institutions make up less than 20% of total data breaches, breaches in the financial sector compromise significantly more information records than breaches in other sectors.
Recent Breaches Highlight Sector Impact
Three examples of cybersecurity breaches in the financial services industry highlight the importance of financial services professionals being aware of the breadth and causes of successful cyberattacks while serving as a reminder of the need to keep their data secured at the highest standard.
Valuable Customer Data Enables Identify Theft
Data held by financial institutions is highly valuable because it allows cybercriminals to perpetrate fraud for financial gain
The reason is simple: the data held by financial institutions is highly valuable because it allows cybercriminals to perpetrate fraud for financial gain such gaining access to existing accounts, opening fraudulent accounts and obtaining lines of credits. Three critical pieces of data that the Banking and Financial Markets industry tries to protect are the customer's identity, account information, and credit card information. This information can be discovered through several data sources that banks and financial institutions routinely store in customer files:
Losing Reputation and Trust Means Losing Customers
Providing customers with a positive digital experience without compromising on security is key for banks and financial services companies in today’s market. Attacks on banks and financial services can result in significant, tangible damages such as lawsuits, legal fees, fines and fraud monitoring costs. For example, following a data breach one organization was obliged to provide affected customers with free credit monitoring for one year, and to reimburse all resulting damages.
In addition to substantial immediate costs to the organization, longer term intangible costs include the loss of customer trust from compromised personal data and potential reputation damage that could impact the company’s brand and market value
Loss of customer trust from compromised personal data and potential reputation damage that could impact the company’s brand and market value
In a survey of identity theft and fraud victims, a significant number of respondents left their banks (28 percent), credit card companies (22.4 percent) and credit unions (12.3 percent) as result of unauthorized activity on their accounts.
A Regulatory Response to Financial Sector Breaches
State governments are taking steps to ensure banks and financial institutions follow best practices in protecting customer data. The New York Department of Financial Services (NYDFS) Cybersecurity Regulation, also known as the 23 NYCRR Part 500. The regulation puts more accountability for cybersecurity breaches on senior executives of financial services companies operating in New York City.
Just this single regulation is estimated to affect around 1,900 businesses in the Banking and Financial Markets industry. Firms are required to perform regular audits and employee training activities to comply with the regulation.
These institutions are subject to the cybersecurity requirements published by the NYDFS. There are 22 provisions in total, each relating to data protection. As per the requirements, financial institutions must perform risk assessments in order to identify loopholes and ensure that nonpublic information and information systems are safe from unauthorized access. These may include risk-based authentication, multi factor authentication, and biometric authentication.
To address these needs, the size of the cybersecurity market servicing the financial sector is growing at a rapid pace and is projected to exceed $68 billion by 2020.
Recognize Risk and Take Steps To Mitigate
Financial institutions will continue to face ongoing cybersecurity threats. Cybercriminals will continue to seek out and find new ways to infiltrate your organization’s network. The goal might be to steal customer data or money. Regardless of the goal, the methods cybercriminals employ are constantly evolving and becoming more sophisticated and potentially damaging.
To properly respond, financial institutions must be prepared to adapt and redirect at every turn to counter both these evolving threats and from old proven methods. It is also critical that banks and other financial institutions take steps to prepare for a cyber breach by having a data breach response plan in place.
A growing number of CEOs recognize the emergence of data breaches and cyber attacks as the greatest risk banks and financial services companies face. That is the purpose behind the development of CyCloud - CyLogic’s flagship offering. We deliver a higher level of security than any public cloud provider. Our team would be happy to discuss how to mitigate the complex challenges the banking and financial services sector faces.
FedRAMP - The Gold Standard of Cloud Security
The last few years have seen a series of high-profile breaches against large institutions, particularly in the banking industry. Many firms have been accused of being stuck in a “90’s” cybersecurity mentality believing that on premise networks, strong firewalls, and anti-virus software were sufficient to ward off most cyber-attacks.
Security has always been about identifying who or what can be trusted accessing data, and what they can do with that access
READ more >
You Are Always In Control With CyCloud
The Economist wrote that “The world’s most valuable resource is no longer oil, but data.” You’re doing a lot to protect your data, but what about keeping control of your data? Having transparency about where your data is located and who has access to it are key components of controlling your data.
READ more >
Cybersecurity Challenges in The Aerospace and Defense Industry
Many sectors in a modern economy are perceived to be critical to our nation’s economic well being. The aerospace and defense sector is uniquely positioned as it is crucial not only to the economy but also to national security. A cybersecurity breach in this sector could cause direct financial damage, weaken our national defense and competitive position and put lives at risk.
READ more >